[wplug] iptables, port forwarding and vnc.

John Harrold jmh17 at pitt.edu
Thu Mar 4 14:41:23 EST 2004 

Sometime in March James O'Kane assaulted the keyboard and produced:

| On Thu, 4 Mar 2004, John Harrold wrote:
| > would it look something like this:
| >
| >  $IPTABLES  -t nat -A POSTROUTING -d $WINDOWS -j SNAT  --to $PGW
| 
| 
| -s $WINDOWS these packets are coming from the windows machine, so it's -s
| for source. You probably want to add the --sport stuff too, so that it
| only matches the vnc packets.
| That also needs to be above any MASQUERADE line you might have, so I'm not
| sure if -A is what you want. You might need -I POSTROUTING 1.

i came up with something using xinetd. adding the following to 
/etc/services

vnc-http        5800/tcp
vnc-http        5800/udp
vnc-main        5900/tcp
vnc-main        5900/udp

and adding this to /etc/xinetd.conf

service vnc-main
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = nobody
        log_on_failure += USERID
        redirect        = 192.168.0.189 5900
        port            = 5900
}

service vnc-http
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = nobody
        log_on_failure += USERID
        redirect        = 192.168.0.189 5800
        port            = 5800
}




-- 
--------------------------------------------------------------------------
                                               | /"\
 john harrold                                  | \ / ASCII ribbon campaign
      jmh at member.fsf.org                    |  X  against HTML mail
           the most useful idiot               | / \
--------------------------------------------------------------------------
 What difference does it make to the dead, the orphans, and the homeless,
 whether the mad destruction is brought under the name of totalitarianism or
 the holy name of liberty and democracy?
 --Gandhi
--------------------------------------------------------------------------
gpg --keyserver keys.indymedia.org --recv-key F65A739E
--------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://penguin.wplug.org/pipermail/wplug/attachments/20040304/0ee8d78c/attachment-0001.bin

More information about the wplug mailing list